Massive npm Supply Chain Attack Compromises AntV Ecosystem, Steals CI/CD Secrets at Scale
A critical supply chain attack compromised the npm account “atool” and poisoned over 600 versions of 323 widely-used packages across the @antv data visualization ecosystem, timeago.js, echarts-for-react, and dozens of other libraries collectively downloaded approximately 16 million times per week. The attack, attributed to the threat group TeamPCP and branded as Wave 5 of the […]